<?php
session_start();
include "library.php";
$pwdb = connectSQLServer("wendlc_teamsci","sdd","");
mysql_select_db("wendlc_TeamSci");

//If user is not logged in, redirect to login page

if(!isset($_SESSION["username"])){
  header("Location:login.php");
}

//If user presses logout, delete session, and redirect

if(isset($_POST["logout"])){	
  session_unset();
  session_destroy();
  header("Location:home.php");
}

//Display specific information for a file

//Check to see if the session is set

if(!isset($_SESSION["file_name"]) && !isset($_GET["file_name"])){
  header("Location:members.php"); //Dump user on home page if no file is to be searched
}

//Print header
print_header($_SESSION["position"], 100);

//Create a string with file name

if(isset($_GET["file_name"])){
  $name = $_GET["file_name"];
}else{
  $name = $_SESSION["file_name"];
}
//Proceed to display file data
//Query file database to get the information based on the provided information
$query = sprintf("Select * FROM Files WHERE Name = '%s'",
	mysql_real_escape_string($name, $pwdb));
$results = dbquery($query);
$resultsFileOb = mysql_fetch_object($results);

//Get detailed user information from query result above
$queryUser = sprintf("Select * FROM Users WHERE UserNum = '%s'",
	mysql_real_escape_string($resultsFileOb->User, $pwdb));
$resultsUser = dbquery($queryUser);
$resultsUserOb = mysql_fetch_object($resultsUser);

$queryUser2 = sprintf("Select * FROM Users WHERE UserID = '%s'",
	mysql_real_escape_string($_SESSION["username"], $pwdb));
$resultsUser2 = dbquery($queryUser2);
$resultsUserOb2 = mysql_fetch_object($resultsUser2);



//If user submits a comment that has text, insert into database
//Run here so we have access to all of the object/arrays opened above

if(isset($_POST["add1"]) && $_POST["comment"] != ""){
  $commentQuery = sprintf("INSERT INTO Comments (Text, User, Time, File) VALUES ('%s','%s','%s','%s')",
	mysql_real_escape_string(stripslashes(htmlspecialchars($_POST["comment"])), $pwdb),
	mysql_real_escape_string($resultsUserOb2->FirstName." ".$resultsUserOb2->LastName, $pwdb),
	mysql_real_escape_string(time(), $pwdb),
	mysql_real_escape_string($resultsFileOb->FileID, $pwdb));
  dbquery($commentQuery);
}

//Now we have all needed data to compile a full page of file information
echo "<h2>File Information</h2><BR><BR>";
echo "<table id = \"infotable\">";
echo "<tr><td>File Name</td><td>".$resultsFileOb->Name."</td></tr>";
echo "<tr><td>File Tags</td><td>".$resultsFileOb->Tag."</td></tr>";
echo "<tr><td>File Type</td><td>".$resultsFileOb->FileType."</td></tr>";

//Convert file size fromy bytes to mega bytes
$num = ($resultsFileOb->FileSize)/1000000;
$num_string = sprintf("%.3f",$num);
echo "<tr><td>File Size</td><td>".$num_string." MB</td></tr>";

//Determine if the file is public or private

if($resultsFileOb->Public_Private == '0'){
	$pub = "Private";
}else{
	$pub = "Public";
}
echo "<tr><td>Public/Private</td><td>".$pub."</td></tr>";
echo "<tr><td>File Uploaded</td><td>".date("F j, Y",$resultsFileOb->Time)."</td></tr>";
echo "<tr><td>File Owner</td><td>".$resultsUserOb->FirstName." ".$resultsUserOb->LastName."</td></tr>";
echo "<tr><td>Owner Email</td><td>".$resultsUserOb->Email."</td></tr>";
echo "<tr><td>Download Link</td><td><a href=\"/TEAMSCI/Download.php/?file=".$resultsFileOb->Name."\">Click Here</a> </td></tr>";

//Check to see if the filetype is an image

if(strcasecmp($resultsFileOb->FileType,"tiff") == 0 || strcasecmp($resultsFileOb->FileType,"png") == 0 || strcasecmp($resultsFileOb->FileType,"gif") == 0 || strcasecmp($resultsFileOb->FileType,"jpg") == 0 || strcasecmp($resultsFileOb->FileType,"raw") == 0 || strcasecmp($resultsFileOb->FileType,"bmp") == 0){
	echo "<tr><td>Thumbnail</td><td><img style = \"border-style:solid;border-width:2px;width:200px; height:auto;\" src=\"/TEAMSCI/Files/".$resultsFileOb->Name."\"></td></tr>";
}
echo "</table><BR>";

//Now build the comment system
//Display box and submission button to get user comment
//Below, display all of the submitted comments

//First Display Prompt and Submission button
?>

<form method = 'post'>
<h2>Insert Comment here</h2<BR>
<textarea name = "comment" cols = "40" rows = "4" MAXLENGTH = 2000></textarea><BR><BR> 
<input type = 'submit' name = 'add1' value = 'Submit' /><br /><BR><BR>
</form>

<?php
//Display all of the comments for the file
$comment_query = sprintf("SELECT * FROM Comments WHERE File = '%s' ORDER BY Time DESC",
	mysql_real_escape_string($resultsFileOb->FileID, $pwdb));
$comment_q_results = dbquery($comment_query);
echo "<h2>COMMENTS</h2><BR><BR><table id = \"infotable\">";
echo "<tr><th width = 400 height = 50>Comment</th><th width = 200>User</th><th>Date Posted</th></tr>";
  
//So long as there are comments to display for a given file, display

while($comment_results = mysql_fetch_object($comment_q_results)){
  echo "<tr><td width = 400 height = 50>$comment_results->Text</td><td width = 200>$comment_results->User</td><td>".date("F j Y",$comment_results->Time)."</td></tr>";
}
echo "</table>";
print_footer();
?>